By Avani Desai
The information security industry is undeniably male-dominated: the percentage of women working in the tech industry is 30%, based on a 2015 survey from eleven of the world's biggest tech companies. And when it comes to infosec specifically, the percentage of female employees drops to 10%. Yet, women constitute 59% of the general labor force in this country. Here are even more specific numbers:
Women at Microsoft:
16.6% hold technical positions
23% are in leadership roles
Women at Twitter:
10% hold technical positions
21% are in leadership roles
Women at Google:
17% hold technical positions
21% are in leadership roles
Rising to the challenge of filling these jobs and ensuring that we combat increasingly complex security threats, it is essential to attract more diverse individuals to the sector of information security. There is an untapped bounty of human talent that is just waiting to be discovered and hungry to contribute.
Striving for equality in the workplace isn’t just good for the soul, or good for the economic bottom line of any company — it is essential to meet the increasing demands on the tech and infosec industries.
The Gender Gap Is Real, But Why?
There is no superior sex when it comes to the ability to develop, design, research, innovate, and think critically. This is especially true for information security.
However, the nature of this industry simply demands more from its members. Experts are required to travel and put in long hours to make breakthroughs for their clients, and often this means time is spent away from the family. Women are conditioned to be caregivers and find as much meaning in their familial roles as they do in their professional ones. It is unfair to say that men do not want to be at home more as well, but it is certainly more acceptable when they are not, and the professional world projects this expectation that it’s okay for men to travel and work late hours but not for women.
Another reason for this gender gap is found in the recruiting process. As Amy Dolan of DialogTech states: “The very nature of bias is that it shows up in everything we do and say (or don’t do and say) without our even being conscious of it. Job descriptions are a prime example of where the language that we use without thinking can actually discourage qualified candidates from applying for the position. And then companies wonder why they keep hiring the same person over and over again.”
This is especially important now, since cybercrime and the need for information security is rapidly increasing and changing. As security becomes more about understanding human behavior and protecting users as they work, individuals with an ideal spectrum of skills are in short supply and huge demand — partially because organizations haven’t fully acknowledged the value women can bring to the table regarding cybersecurity.
In other words, there are all these resources out there and the tech industry is turning a sexist eye.
Men Can Promote What Women Bring to the Table
Popular opinion espouses the notion that men and women work differently, in both their personal and professional lives. For decades, women have been told to act — specifically: work — like men and have been taught that masculine attributes lead to success. Women can bring a unique lens to the workplace, however, without sacrificing their values, mindset, or femininity.
Here are a few elements that women can bring to the infosec (or any) table, and that men can promote:
Problem Solving. Science propounds evidence that men and women’s brains are physically structured differently, and researchers have also proven the distinct responses to stimuli amongst the sexes. The brain’s overall size is purely an indication of the body’s different physical measurements and not capabilities, so while “women’s brains are typically 8% smaller than men’s [they] are more efficient at tracking changes and inductive reasoning.”
Scientific literature also suggests that “men tend to process better in the left hemisphere of the brain while women tend to process equally well between the two hemispheres. This notable sex-difference illustrates why men are generally stronger with left-brain activities and approach problem-solving from a task-oriented perspective while women typically solve problems more creatively and are more aware of feelings while communicating.”
This makes information security an ideal field for women, as the industry places an emphasis on addressing multivariable problems, critical thinking, and behavioral psychology, a trifecta of skills in which women usually excel.
Inclusion and Camaraderie. Women are exemplary communicators. Naturally more intuitive to emotions and nonverbal cues, women can empathize more easily and focus on solving complex problems that require cooperation and acceptance between internal groups such as technology, legal, human resources, and compliance, as well as external groups such as regulators and third parties. Men, in general, are apt to be “more task-oriented, less talkative, and more isolated ... [and] these differences explain why men-to-men friendships look different from friendships between women.”
Creative Perspective. Thinking proactively, creatively and holistically about security can change the direction of your organization and mission. Women tend to be more creative and there’s a scientific explanation for this, too. As Stephanie Holland, entrepreneur and President of Holland + Holland Advertising notes: “[Women] are indeed planning ahead, visualizing multiple solutions, and using that female brain processing to put more time and effort into a decision or problem-solving process (a.k.a. taking a long time).”
Women approach problems with a different perspective; they also have a larger limbic cortex (the part of the brain associated with regulating emotion), which they tap into when making decisions. Especially when problem-solving, women are more effective when they have opportunities and time to emotionally connect with the situation.
Men Can Demand Equal Work, Equal Roles, and Equal Pay
Today’s reality is deeply rooted in valid fears and illustrated by harsh statistics. As CESG’s Director of Cyber Security, Alex Dewdney, admitted at this year’s RSA Conference: “We can point to lots of achievements around understanding the threats much better, about taking steps to mitigate those threats, addressing the national skills base, and so on — but, nationally, we are not winning the fight on cyber security.”
Certainly, male CIOs and other executives can work to recruit a more diverse spectrum of experts, especially prioritizing the hiring and retention of women in cybersecurity positions. Apart from the obvious ethical argument, studies are showing how more gender-balanced teams are more productive, innovative, efficient, and cost-effective.
When women are in leadership positions, businesses are even more profitable:
A report by McKinsey & Co. reveals that full gender equality would add at least $12 trillion—and as much as $28 trillion—to the global gross domestic product in 2025.
Harvard Business Review notes the correlation between female leadership and financial performance: businesses directed by women generally outperformed — in average growth, price/book-value multiples, and ROI — those that weren’t.
Sodexo performed a study which revealed that more gender-balanced departments were “13% more likely to deliver consistent organic growth and 23% more likely to show an increase in growth profit [...] Overall, teams with gender-balanced management achieve... benefits that include employee engagement, enhanced brand image, greater client and customer satisfaction, increased organic growth, and an increase in generating profit and cash.”
Men Can Fight for a More Accessible, Supportive Workplace for all Employees
Aside from opening its doors, the information security industry can cultivate a work culture that is more amenable to women. ISC2’s recently released report “Women in Security: Wisely Positioned for the Future of InfoSec” recommends mentorship programs and encourages organizations to adapt training platforms that will attract and retain women professionals.
Most cybersecurity professionals have the ability to “work from home and commute in for the odd client or internal meeting, or work from global locations that we choose to live in,” explains Jane Frankland, CISO advisor and Managing Director of Cyber Security Capital. “[And] this is good, for what it means is that there will be more flexibility” — an especially essential element for working mothers.
Within and beyond the company walls, there are many opportunities for men to champion their female peers. Cinthya Grajeda-Mendez, who has experience in both the military and cyber security (which she says is more male dominant than the military!), reminds us that “there are men who do help you succeed...because they also have mothers, daughters, wives and sisters who they want to see being treated fairly by men and have the same opportunities they have been given.”
A leadership guide by management consulting corporation Winmark and global relationship law firm ReedSmith entitled “Gender Balancing: It’s Good Business” described some behaviors and initiatives that male leaders and colleagues can initiate to transform the corporate culture and engage women in the workforce:
Allow for flexible working policies.
Enact a disciplinary policy around inappropriate behaviors.
Provide counseling and coaching, including coaching for the fusion of specific roles (i.e. maternity coaching).
Actively support gender-balancing initiatives by senior management.
Promote awareness training around gender balancing.
Promote women’s networks.
Perform personal development planning and mentoring programs for high-potential women.
Encourage head-hunters to put forward female candidates.
Offer management training for women (i.e. the Winmark Women in Leadership Course).
Employ a Chief Diversity Officer (CDO) or Director of Diversity.
Create a policy that encourages female candidates to be put forward for internal promotions.
Provide a succession planning program for women.
Men Can Mentor and Encourage the Women of Tomorrow
BrandProtect cyber risk and threat expert Shanna Gordon states: “I would argue that the problem actually starts as early as grade school. The reality is boys tend to be more interested in STEM subjects and professions. The question is: why? Could it be because girls simply haven’t been pushed as hard to get involved with science and math?”
It is time to enlighten and empower girls just as much as boys on the positive aspects of information security: a career that is extremely future-oriented, in high demand, highly compensated, empowering, and liberating.
We are seeing this paradigm shift with initiatives like Girls Who Code – a movement that is fighting to increase the interest of girls in computer science between the ages of 13-17 and hopes to establish the largest pipeline of female engineers in the U.S.
Despite the ratio of women outperforming men in higher education in general, the statistics show that men still dominate when it comes to science, technology, engineering, and mathematics.
Imagine a world where a majority of girls are just as passionate about Joanna Rutkowska and Jutta Kleinschmidt as they are about Jane Austen!
About Avani Desai
Avani Desai is a Principal and the Executive Vice President at Schellman & Company and has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations.